Multiface document

ABSTRACT

A multisided card having at least two obverse faces and two reverse faces that are adjacent one another, can be used to print and store relatively insecure information of the obverse faces and to have more sensitive information stored and printed on the adjacent reverse faces. To protect privacy, a caricature or cartoon of an individual can be placed on an obverse face, or in a virtual card, wallet or purse, which image cannot be read by facial recognition techniques but could be recognized by human observers.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a combination of real and virtualdocuments, cards, purses or wallets for identification in the conduct offinancial or other transactions and, more particularly, documents orcards that can be used in secure real or virtual financial transactions,for emergency/disaster management, refugee management, emergency medicalmanagement or for evacuation or travel both domestic and international,all within a secure and trusted environment that can produce trustedsecure multiple layered data in real time in a non stovepipe environmentincluding use in conjunction with Cash dispensing and/or receivingMachines having an Integrated 2/3 D Counter surveillance functions.

2. Description of the Related Art

For many years, identification cards have been provided which have, onan obverse face, pictures, information about the bearer and, on areverse face, a magnetic strip containing much of the same information.Such cards have been used a driver's licenses, credit or debit cards,and, in recent years as an integral part of a passport document.

Variations of such a card might include embedded codes, matrix codes oroptically read information strips. Still other variations might includeradio frequency identification circuits (“RFID”) which can be embeddedin the card body and can be remotely accessed for the informationcontained therein and used for example as a Near Field Communication orhave an embedded contact or radio frequency so called Integrated CircuitChip (ICC) or Smart Chip. NFC and ICC's contain data and are usually ofa read-only type. However, they may be rewriteable, and can becustom-encoded at time of manufacture or issuing in accordance with ainteroperable specification. NFC ICC's can allegedly securely storepersonal data such as financial debit and credit card information,loyalty program data, PINs and network, with other information. The NFCICC's generally fall into four types of ICC that each provide differentcommunication speeds and capabilities in operation configurability,memory, data retention, write endurance and security. The four ICC typescurrently offer between 96 and 4,096 bytes of memory.

In like manner to RFID technology, near-field communication usesmagnetic induction between two sets of usually loop type antennaslocated within each other's near field communication range, effectivelyforming an power air-gap between an reading station and the ICC itself.NFC devices to date operate within the globally available and unlicensedfrequency at 13.56 MHz wherein the RF energy is concentrated in theallowed ±7 kHz band range, but the full spectral envelope may beextended to 1.8 MHz should Amplitude-shift keying (ASK) modulation of acarrier wave be employed.

Theoretical working distance with compact standard antennas are presumedto be about 8″ with a practical working distance of about 1-1½″. Thereare two types of NFC ICC's;

1) Passive type—where the reading station device provides theelectromagnetic carrier field and the non powered NFC ICC within acarrier means or device answers by modulating the existing field. Thecarrier means or device obtains its operating power from the readingstations electromagnetic field, thus turning the carrier means or deviceincluded ICC into a transponder.

2) Active type—where both the reading station and carrier means ordevice communicate by alternately generating their own respective powerfield (which in some devices could be contact provided using the sameMFC protocol). Wherein the respective RF carrier means or devices'powered ICC RF field is deactivated while it is waiting for a data pingor request from a reading station. When a carrier means or device with apowered ICC contained therein is appropriately pinged, it also is turnedinto a transponder but in this instance responds using its own power.

A magnetic field probe can be used to recover the private key of an RSApublic key encryption algorithm. A second demonstration recovers the keyfrom an ECC algorithm from a distance of approximately 3m. Both analysesuse inexpensive readily available RF receiving equipment for signalcollection. Baseband EM approaches are similar to power measurementattacks such as SPA and DPA. EM analyses do not require the same levelof physical access to a device that other side channels may require.Compliance with FCC emission thresholds will likely not provide asufficient level of protection. The presentation discuss hardware,software, and protocol level countermeasures that substantially mitigateinformation leakage, as well as testing methods beyond FCC for quicklyassessing the degree of protection.

The fact is, people steal cars equipped with RFID security. It'sespecially common in Europe, where RFID has been used in cars for longerthan in the United States. To prove the weaknesses of the system,researchers at Johns Hopkins went about breaking in. What they found wasstartling. If you equip a laptop computer with a microreader, a devicethat can capture radio signals, you can capture the transmissions sentout by an RFID immobilizer key. Positioned within a few feet of the RFIDtransponder —say, sitting next to the car owner in a restaurant —thelaptop sends out signals that activate the chip. When the key beginsbroadcasting, the reader grabs the code, and the computer beginsdecrypting it. Within 20 minutes, you've got the code that'll tell thecar to start. (Once you have a good database of codes stored in yourlaptop, the time gets much shorter.).

Pair that code with a copy of the physical key or a hotwire job, andyou're on your way. In the case of the passive ignition system, theprocess is similar, but you need only stand next to the car, not theperson carrying the key. In cars that have RFID entry and ignition, it'san all-in-one process. Break the codes, and you can not only unlock thedoors, but also start the car and drive away. According to some securityexperts, this is the problem with the system. RFID is a really greataddition to a car's physical security system, but on its own, it allowsfor complete access with just a single act of decryption. For a thiefwith good equipment, it's a snap.

This is where the RFID, insurance and car industries object to theportrayal of RFID systems as faulty. Sure, the Johns Hopkins researcherscould break it. They have money and hardware. The idea that car thieveswould never take the time or spend the money to break an encrypted codeis contradicted by the fact that a payoff of tens of thousands ofdollars for a high-end car, motivate thieves to try. And whereaslocksmiths weren't allowed to copy RFID-equipped keys at first,annoyance on the part of car owners who lost their keys led to aloosening of the rule. Now, both locksmiths and regular consumers canbuy kits that can capture and clone an RFID code. The result is thatpeople are losing their RFID-secured cars, and insurance companies callthe owners' claims fraudulent because RFID security is uncrackable. Theowners must be lying.

There are a few possible solutions to this problem that don't involvescrapping RFID. The Johns Hopkins scientists propose several ways tobetter secure the system: First, RFID makers should switch from 40-bitto 128-bit encryption; owners should wrap their fob in tinfoil when notusing them, to help block fraudulent signals from activatingtransmission; and most important, carmakers should use RFID technologyas an additional security measure, not the sole one. As with any othersecurity system, the advice is simple: Layer up. Don't rely on anysingle protection method. Instead, use several different types ofsecurity in order to make it as complicated as possible to bypass.

SUMMARY OF THE INVENTION

A problem with current cards or documents in which the card is anintegral portion, is the inherent insecurity being vulnerability todamage and defacement rendering such cards unreliable should they beinvolved within a disaster situation such as an earthquake, tsunamievent or the like in a conventional two surface card or document that isopen to public gaze and scrutiny both visually and electronically inseveral formats is vulnerable to striation damage caused by debris suchas in a Twin Tower type event, earthquake, and the like that may alsoinvolve water or other fluid lubricant combining to cause surface damageto surface readable data including a surface mounted ICC such as foundon a Personal Identification Credential etc to cause a malfunction ofthe document. Information on the card can be perceived by any observerand surreptitious copies may be made of the information that is visibleon a card face. For example, a photograph may be taken of a card andused to duplicate the card as a counterfeit.

Documents with embedded RFID or contactless ICC type devices areintended to be remotely read by authorized agencies, yet anyone with anappropriate ICC and/or RFID interrogating device can gain access to andcopy the extracted information so obtained, as well. Similarly, matrixcodes, names, addresses, dates of birth, or other optically readinformation can be copied for nefarious purposes. Such a document orcard is therefore, inherently insecure.

Virtually all documents and cards which serve either a governmentalfunction or a commercial purpose contain limited amounts of information.Moreover, if a government issued card or document includes picturedphotographic data of the holder that is a copy of that Governmental socalled ‘breeder’ identification data because it has been validated bysaid government, it is possible that use of the card or document mightbe subjected to picture recognition software by unauthorized thirdparties such as criminal or terrorist affiliates. As a result, thegovernmental verified and authenticated ‘breeder’ identification data,biographical identification data and associated support data, such asencryption/decryption Key data embedded there, for example, in a machinereadable line of data is available. All of this data can be retrievedand stored in a database linked to the picture and the individuals'derived facial recognition pattern or derived algorithm in one orseveral formats which, in all cases, may not be a desired result eitherfor the individual or the government concerned.

Furthermore the surface data on such a card as well as any additionallycontained RFID, such as Near Field Communication chip (NFC) can becompromised and no longer used as a credit/debit document or card. SuchRFID NFC Chips, if contained within the conventional smart phonerendered inoperable due to disaster damage, if intended for disasterrelief payment use as well as Fraud or misappropriation control. Forexample, a conventional purpose built disaster identification card suchas the California Public Assistance card which is issued as a dollarvalue debit Card which equates to cash. This card, with NFC can be usedfor trusted aid distribution without cash disbursement or the IntegratedCircuit Chip (ICC) Smart Chip are both vulnerable to abrasion anddeformation damage in the event that the holder/user is involved in anaccident or natural disaster. Accordingly, damage to such a card ordocument causes it to become unstable or malfunction, again not being adesirable outcome.

In the main, Cardholders should be educated to use Chip and PINtechnology within a ICC card or other form of NFC. Attempts at solvingthe inherent weaknesses of the foregoing user experience, whetherlogging into an online bank, effecting financial transactions or makinga payment are being developing within multi-function Europay®,MasterCard® and Visa® (EMV) card readers with multi-layer security thatwill, as purported, enable a secure client-side environment and enhancedtwo-factor authentication with Chip and PIN. This technology ispurported to simultaneously effect the foregoing and enable banks tooffer new services to their clients. However, the questions of privacyand secure data, especially for the holder/user to prevent theiridentity becoming involved in identity fraud at a government level aswell as false or fraudulent financial transactions should always be asource of concern for the holder/user of the document.

BRIEF DESCRIPTION OF INVENTION

By utilizing the Automatic Data Acquisition (ADA) capabilities availablewithin camera equipped commercial off the shelf (COTS) PS's,Smartphone's, Tablets and similar devices as the foundation hardware inlieu of additional microprocessor/s required to effect trusted ADAaccordingly all transactions can be performed in a trusted multifactoroperator or customer identified environment at minimal if any deploymentcost over and above their normal cost of doing business. According tothe present invention, a document or card is further subdivided intosegments so that there are at least four faces capable of carryinginformation. There are two obverse or outer faces and two reverse orinner faces. The two segments may be joined by an integral hinge, eitherat the vertical side or joining the bottom of one segment with the topof the other or with a grommet that permits the segments to rotaterelative to each other so that the normally concealed reverse faces canbe displayed. In some embodiments, the grommet may itself be a securitydevice that can disclose tampering.

Each document or card is preferably constructed of Opacity, fade, fluidand moisture resistant flexible material and or a laminate or layeredconstruction of permanently welded or fused together materials into asingle inseparable structure that, if bent or semi-deformed, will returnsubstantially if not completely to its original finished shape orcontour. Before being permanently welded or fused together into a singleinseparable structure, each layer or lamina of the finished document orcard in a preferred form would consist of two or more variable thicknessrigid and/or flexible layers or laminates.

In a preferred embodiment, the card or document would be made up ofseveral layers with a first layer of clear, wear and fade/opacityresistant material. A second layer could also be clear and fade oropacity resistant material having its reverse side security printed in amanner that would be tamper evident. A third layer can be colored tocomplement the security printed second layer and, preferably, isconstructed to act as a faraday cage. Such a cage can be printed with ametallic ink or could be a layer of copper or other suitable materialwire mesh.

A fourth layer can carry or contain a passive, transponderized,integrated circuit chip (ICC) or a plurality of passive or activetransponders within ICC's which can act as a user controlled radiofrequency database which can store digital certificate/s, PKI or othertype encryption/decryption Key/s, Shared Secret information such as aPersonal Identification Number (PIN) or a color sequence that can beentered by a operator in like manner to a PIN but capable of confusingan observer due to its unpredictable entry such as being embedded withinvariable color matrixes. Other shared secret information, such asbiometric identification for the lawful holder or user of the document,such as can be found in a ICAO electronic passport, transport workeridentification credential/card, personal identification verificationcredential/card, personal identification verification-Industrycredential/card or other like device could be included.

A fifth layer of clear material preferably includes, on its reverseside, a security print that is tamper evident, A final or sixth layershould also be of a clear, wear, fade and opacity change resistantmaterial, which can be permanently welded/fused together into a singleinseparable structure.

Among the several features of the present invention is the provision ofa caricature on a outer or public surface of the document or card of thebearer. This graphic image, which cannot be used in a facial recognitionprogram, to a human observer, can be used to recognize the bearer as theperson authorized to have the document.

An additional feature of the present invention can be the provision of amatrix code which can be recognized by a scanner, PC, Laptop, NetbookPDA or cell phone camera as an address or URL which can bring up a webpage with information or other useful data preferably in encrypted formthat is usable by an authorized operator. In the case of a document suchas a transaction receipt, loyalty coupon or a discount coupon connectedwith a PKI Certification Directory or other type Digital Signaturevalidation authority or entity for managing encryption/decryption Key/sfor digital signing and validation purposes as well as encryption,decryption key management and trusted exchange for interchange withgovernment, entities and commercial operation such as merchants. Anyassociated web page can provide an encoded personal identificationnumber which can only be seen when appropriately masked by a speciallyconfigured portion of the document. The mask can be normally concealedwhen the reverse sides are adjacent and only the obverse sides arevisible.

If desired, another matrix code can, when scanned, generate biometricinformation about the bearer which can then be independently verified byappropriate biometric sensors operated to check the identity of the cardbearer.

Two factor identification is well known to those skilled in the art, buthas severe limitations when used as “something you know”, for example aPIN number. Because of the limitations of personal memory, for practicalpurpose a PIN would rarely exceed ten numbers. Such a PIN has anextremely low entropic value, particularly should it be considered foruse as the basis for a public key within a Public Key Infrastructure(PKI) for the purposes of providing a digital signature or for securecryptographic transfer of funds in a financial transaction.

According to the present invention there is taught how to deploy aPrivate cryptographic Key value that can be present as the second factorin a two factor Identifier system in financial or other transactions.This is of particular value for the deployment of Multiface Documentsthat contain confidential information and/or computational capabilitiesfor use within secure and confidential financial transactions or otherapplications that would be apparent to those skilled in the art.Associated Virtual cards, as companion documents, can be containedwithin a securely lockable, owner controlled, virtual wallet.

This is of particular importance when portable computer devices are usedover the internet to effect either the transfer of anonymised digitalfunds or in other trusted transactions such as keeping spendinginformation between an individual and their financial institutionrestricted to only those two parties. This is accomplished, withoutregard to communication networks used to effect spending and theinvolvement of third parties who, though essential to delivering thetransaction data, will not be able to relate said data to the saidindividual or the spending information, regardless of type such asdirect transfer between accounts or to effect the delivery of cash froma so called ATM debit or credit card type transactions, even ifdelivered by so called cloud computing as well as traditional networks.

There is also taught the foundation methodology for effecting “somethingyou know” into a high, non-reversible entropic value suitable for theprovision of an extremely strong Public cryptographic Key suitable foruse from relatively low processor power of the human memory and mobiledevices.

In an embodiment which includes the embedding of an RFID chip also knownas a radio frequency smart chip, an identification database held withinan active or passive Integrated Circuit Chip ICC in the document or card(as is currently required under U.S. government policy for passports), afaraday cage screen can be embedded or imprinted on or in the documentusing a metallic ink on an intermediate layer on both parts of thedocument or card or so that when the reverse sides are adjacent, theRFID chip is completely shielded, protecting against unauthorizedaccess. Alternatively, the RF antenna circuit can be interrupted andonly connected with a pressure connection or a sliding switch.

It is also possible to imprint with metal ink on an interior surface ora laminate of the card's materials, the optically readable informationnormally included within a passport. When the interior surfaces aredisplayed, the information can be read, but when the interior surfacesare concealed, the information is no longer accessible.

In a first embodiment of the invention, the document comprises two cardseach preferably a laminate of materials each preferably constructed offluid resistant flexible material that, if bent or semi-deformed, willreturn substantially, if not completely, to its original finished shapeor contour, joined at one or two comer/s by a grommet or a identifiablesecurity grommet which allows the cards to be rotated, relative to eachother, revealing the interior or reverse surfaces and the informationcontained thereon. In alternative embodiments, the two cards are joinedby an integral hinge either at the side or at the top and bottom so thatthey can be folded together to conceal the reverse faces with only theexterior, obverse faces being visible

In alternative embodiments, additional cards each preferably a laminateof materials and each preferably constructed of fluid resistant flexiblematerial that, if bent or semi-deformed, will return substantially ifnot completely to its original finished shape or contour. By adding sucha card or cards, there can be provided yet additional features,including constructed preferably from a clear material with an embeddedwire or metal ink wire mesh that forms a dividing faraday cage so thatCard 1 or Card II can be effectively RF protected while the card holderuses either individual card.

These card or cards can also provide the feature of a mask which caninteract with a PC Screen or other such device that can read a matrixcode, to mask such a code to both the operator and any other individual.This ensures that the mask obstructs the matrix code should a screenshot be taken either from within the device or from an external devicefrom the display screen that is touch sensitive or mouse driven or a“smart phone” or other PDA device with an interactive display andinternet access.

There can then be displayed on the screen masked patterns which can berecognized as an internet URL, or a onetime personal identificationnumber, or a validation or confirmation code for use in such matters ascard transactions without the need for the physical card. Receipts,single use, or other documents can be created and appropriately maskedon the display which when unmasked, preferably only in close line, arerecognizable by ATM machines. Also, such virtual mask capable documentscould serve as a travel document, such as a boarding pass, thatpreferably provides that a biometric binding between the systemadministrator/operator and the end user be established in order that abiometric confirmation can be established.

In yet other embodiments, the document may be a “virtual card” whichexists only in cyberspace but can be employed in conjunction withdisplayed information to effectuate a secure transaction. The conceptcould extend to a “virtual purse or wallet” which could contain several“virtual cards”, each associated with a different application orbusiness transaction. Each card could represent an account with amerchant or a bank and would include a code that can be displayed ordeployed in operator controlled masked form that would start a contactor be used to confirm a transaction with the merchant or bank. Yet otherfunctions can be envisioned for the “virtual card” such as healthtreatment cards, insurance cards, driver's licenses among others.

In all instances however, it is preferred that a biometric binding ofthe system administrator/operator and the end user be established inorder that a biometric relationship can be established for most if notall transactions in the absence of strong PKI two factor verificationand authorization as disclosed herein. This can be facilitated by a userdragging his caricature or picture and dropping it over a onetimetransaction high density code, which may be masked in order to preventobservation or other covert use, to establish the recognition.Simultaneously, if required an integrated camera or other biometric datagathering device collects the biometrics of the user at that time and,preferably, should the transaction exceed an agreed threshold betweenthe individual and their financial institution, both verifies andauthenticates the user's identity so that the transaction can proceed.

Each transaction may at any stage create a high density code that may bein a display masked format and retained in a PC, laptop, netbook, smartphone or any other device with a memory, a display and an internetconnection, for subsequent use. In some instances, the operator may berequired to unmask the matrix code, but only in close line of sight of adata gathering devise in order to facilitate after validation andauthentication wherein the authorized data gathering device onlydisplays the matrix code data acquisition location points but not thematrix code obtained if necessary, by contemporaneously collectedbiometrics of the individual seeking entry at a gate, effecting atransaction at an ATM, entering or remaining in a secure area, or formedical purposes, including record transfers of any type and medicaltreatment authorizations or-other useful purpose. The foregoing highdensity code or matrix issued to be used by a secondary device such as acommercial transaction or for cash/payment type transaction such ascash-out or for delivery of cash from an ATM, the matrix can preferablybe ‘pixilated out’ making it unusable and only readable to a automaticdata acquisition type device associated with the foregoing typetransactions when the operator presses a suitably enabled button, suchas a side mounted volume button on a smart phone, tablet, PDA or othersuch device in order that a third party is unable to covertly copy sucha valuable matrix before its use by the intended recipient.

Two factor identification between an entity and an individual usingvirtual templates wherein certain preset finger or other pointing devicemovements or actions performed by an individual on a touch sensitivedisplay such as a smart phone, tablet or similar device activates thedevice or terminal's camera or cameras to collect an image or sequenceof images or derived templates thereof and transmit all that data to theentity to confirm a card not present transaction. However, in likemanner, an individual owner of such a device can perform multi factoridentification to such a device using preset operator defined movementsor actions performed by an individual on a touch sensitive display suchas a smart phone, tablet or similar device to activate the devicesoperating system itself on which the follow on applications such as auser controlled “virtual wallet” or “purse” in which several differententities' virtual cards can be securely kept collectively and used onlywhen the rightful owner chooses. This aspect takes on particularimportance should the device holding the cards be lost or stolen.

“Virtual” credit or other entity cards, in addition to other usercredentials, may be created as secure files and subfiles in a remoteserver accessible securely through the internet. The user or individualowner can create a personal virtual card with its own uniqueencryption/decryption trusted key exchange for the user's personal use,Such virtual accessible documents could be a birth certificate, marriagecertificate, deeds to property, and any other valuable document whosepresentation may be required.

Accordingly the ability to access any device or operating system thatcan run applications capable of effecting access to such user datashould be a multi factor identification component of any device's ownoperating system so that the capability of even being able to attempt torun the individual controlled virtual wallet or purse or similarsecurity sensitive application is denied to any person not capable ofmeeting a multifactor identification process as part of the deviceoperating system itself or any time out or other user defined parameter.Once recognized, the locked virtual wallet or purse containing virtualcredit, debit or other such financial transaction cards as well asencryption decryption keys can be accessed by a rightful user.

Activation of a device operating system has traditionally been userdefined with the default setting being no action required or a so calledpersonal identification number or PIN, something the operator knows andcan enter into the device via a real or virtual keypad, or other suchpointing device. Any such PIN, because of individual memory capabilityor the requirements of repetition, ensures that the PIN rarely exceedseight characters and accordingly has a low entropic value. A casualobserver can, over time, anticipate numeric key pad strikes.Alternatively, the PIN can be compromised by covert observation orrecording a PIN entry and its potential subsequent use to the detrimentof the individual owner.

For example, various colored spheres, circles, picture or cartoon thatincorporate a user defined and memorized template can be displayed overan underlying and therefore not readily visible matrix which recognizesand responds to the predetermined template. The creation of such anunderlying matrix allows the creation of a PIN with an extremely highentropic value in that multi factor identification can be achieved. Theindividual seeking to open a device operating system must; first—havepossession of the device; second—know the position of the underlyingvirtual template behind the displayed color image that usefully can jogthe user's recall of the template location in a manner similar to theretrieval of a forgotten PIN by being able to provide a first pet's nameor other challenge; thirdly—the individual can touch, in sequence, thehidden template entry points; fourthly—the cadence of entry sequence canbe timed; fifthly—tracing or tracking the digital/finger tracing patternon a touch sensitive screen on a smart phone, tablet or other suchdevice can be digitally recorded and, in combination, determine if anacceptable threshold of identification has been established. Further anencryption/decryption key set can be acquired by the device from theindividual via a mini multisided card with such data contained within amatrix or matrices concealed on the reverse document surfaces.

The novel features which are characteristic of the invention, both as tostructure and method of operation thereof, together with further objectsand advantages thereof, will be understood from the followingdescription, considered in connection with the accompanying drawings, inwhich the preferred embodiment of the invention is illustrated by way ofexample. It is to be expressly understood, however, that the drawingsare for the purpose of illustration and description only, and they arenot intended as a definition of the limits of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a representation of a document according to a first embodimentof the present invention;

FIG. 2 is a representation of a document according to a secondembodiment of the invention in which the parts are joined by an integralhinge;

FIG. 3 illustrate an alternative embodiment of the document of FIG. 1but with different surface and construction features;

FIG. 4, including FIGS. 4A and 4B shows the assembled document of FIG. 3and by example FIG. 1 with the component parts being joined with agrommet;

FIG. 5; shows the document of FIG. 1 connected using a grommet with anadded document element;

FIG. 6 is an alternative embodiment of the invention with four documentselements joined by integral hinges;

FIG. 7 is an alternative embodiment of the document of FIG. 5 withelements joined by a grommet and with an additional element havingdistinctive surface features;

FIG. 8 shows the document of FIG. 5 in use with the display of acomputer which will enable secure card not present transactions;

FIG. 9 is a representation of a computer screen containing informationwhich is related to the use of a document for a secure card not presenttransaction;

FIG. 10 shows the use of the document of FIG. 5 with the computer screenimage of FIG. 9 to complete a secure card not present transaction;

FIG. 11 shows the document of FIG. 5 in use with cellular telephonecomputer which will enable secure card not present transactions;

FIG. 12 shows the combination of FIG. 11 with a particular patternpresented on the telephone display to that of FIG. 9 which will enablesecure card not present transactions;

FIG. 13 is view of an ATM machine presenting a display to be used with adocument according to the present invention;

FIG. 14 illustrates the use of the document of FIG. 5 with the ATMmachine of FIG. 13

FIG. 15 including FIGS. 15A, A5B, 15C and 15D is a view of the layerscomprising one of a pair of laminated documents according to the presentinvention;

FIG. 16 including FIGS. 16A, 16B, 16C, 16D, 16E, and 16F is a view ofthe layers comprising the other of a pair of laminated documentsaccording to the present invention;

FIG. 17, including FIGS. 17A, 17B, and 17C, is a representation of acamera and optional Face, Palm, fingerprint, iris, retina or voicerecognition equipped telephone for user authentication;

FIG. 18 including FIGS. 18A and 18B is a view of a document or card thatwithin its laminates is an interrupted RFID two part circuit which iscompleted with either a pressure domed switch or a sliding switch;

FIG. 19 is a view of a wireless internet computer integrated display atthe beginning of a secure transaction;

FIG. 20 is a view of the integrated computers display of FIG. 19 at asecond stage of a secure transaction;

FIG. 21 is a view of the display of FIG. 19 at a third stage of a securetransaction;

FIG. 22 is a view of the display of FIG. 19 at a fourth stage of asecure transaction aided by the document of FIG. 3 or FIG. 2, 4, 6 or 7;100691 FIG. 23, including FIGS. 23A, 23B and 23C, shows the stages of asecure transaction using a “smart” cellular phone and a virtual card;

FIG. 24, including FIGS. 24A, 24B, 24C and 24D, shows the use of a“smart” cellular phone to invoke a transaction using a owner controlledand operated virtual wallet (FIG. 24D) or purse (FIGS. 24A 24B & 24C) toboth secure virtual cards as well as facilitate their use by the ownerwith multiple entities;

FIG. 25 is a view of a display showing a “virtual” card at the beginningof a secure transaction;

FIG. 26 is a view of the display of FIG. 25 at a later stage of a securetransaction:

FIG. 27, including FIGS. 27A, 27B and [-] 27C shows alternative forms ofuser authentication;

FIG. 28, including FIGS. 28A, [-]28B and 28C shows forms of userauthentication for access to virtual wallets, purses and lockers;

FIG. 29 including FIGS. 29A-29E shows yet other alternative forms ofuser authentication for access to virtual wallets, purses and lockers;

FIG. 30, including FIGS. 30A and 30B show yet other alternative forms ofuser authentication for access to virtual wallets, purses andlockers;[.]

FIG. 31, including FIGS. 31A, 31B and 31C illustrates the display for a“virtual vault”;

FIG. 32, including FIGS. 31A-32D, illustrate the use of the openedimprinted faraday cage to access RFID chips;

FIG. 33, including FIGS. 33A, 33B and 33C show alternative forms of barcodes or matrices;

FIG. 34, including FIGS. 34A and 34B shows an example of an alternativemultiface document; and

FIG. 35, including FIGS. 35A, 35B and 35C show yet a differentalternative multiface document.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

In the embodiment shown in FIG. 1, a document 10 is provided with four(4) faces. In this embodiment, the document 10 includes two separatecards, card I 12, and card II 14. Each card 12, and 14 has an obverseface and a reverse face. As seen, card I 12 has an obverse face 16 and areverse face 18. Similarly, card II 14 has an obverse face 20 and areverse face 22.

As shown, the obverse faces 16, 20 include a distinctive colored pattern24 to discourage counterfeiting and a document ownership statement 21.This pattern may further include security metallic ink and may be uniqueto each document's visible surface, including properties in the thermalinfrared range. The obverse faces 16, 20, can also include an officialuser purpose or application generated with security ink, preferably ametallic ink 23 governmental seal, for example, a departmental seal 26on obverse face 16 and a governmental seal 28 on obverse face 20.

A degraded image 30 of the bearer on obverse face 16 is sufficientlyrepresentative to enable a human observer to recognize the image 30 asthat of the bearer. Such a degraded image 30 might be considered a“caricature” or “cartoon” and is intended to be unusable for facialrecognition equipment. Accordingly, a surreptitious scan of the imagewould not allow any information obtained from obverse surfaces to beincluded in or associated with a database record that is otherwiseassociated with the bearer.

On the obverse face 20 of card II 14, an encoded matrix image 32 isimprinted, preferably with metal ink. This matrix image 32 can, inconjunction with a scanner, camera equipped PC, laptop, netbook, ortablet device, or any digital camera in a cell phone or other PDAdevice, be decoded to represent the address of a web site which, wheninvoked, can provide information about the document 10 and how it can beemployed as, for example, as a travel document or a passport or othersecure type application document.

The reverse faces 18, 22 are not normally visible but must bemanipulated by the bearer or a person with the authority to view thosefaces. As shown, one of the reverse faces 18 includes a photographicimage 34 of the bearer but partly overlaid with a departmental seal 27to thwart facial recognition scans but still capable of humaninterpretation as being a photograph of the holder.

A magnetic strip 35 is included for the storage of magnetically codedinformation that can be read by a magnetic scanner. A digital matrix 36,when decoded, presents biometric data, preferably in an encrypted form,of the bearer which can be used to verify independently scannedbiometric data at an inspection station.

The comparison of the stored biometric data with the independentlyobtained biometric data is used to confirm the identity of both therespective card and the bearer of the document 10. In accordance withthe teachings of the present inventor, the biometric data of thedocument 10 and the currently presented biometric data can be comparedwith the bearer's biometric data that is stored in a remote data baseand or the secure portable database contained in the matrix and cardsurface readable data to confirm that the bearer is the person that hepurports to be.

In this example, the other reverse face 22 carries information usuallyfound on a passport, including the governmental seal 28, an opticallyreadable information strip 38 and a digital matrix 39. The caricature 30is also included which sufficiently resembles the bearer so that a humanoperator can, in all probability, recognize the bearer as the person socaricatured to enable the visual matching of the two component parts 14& 16 during assembly or should they become separated, deliberately orinadvertently.

In the example, card I and II are perforated at 11 in such a manner asto not interfere with the functionality of either card but to enabletheir conjoining with preferably an identifiable security grommet thatallows their rotation by the holder's deliberate action to expose theirobverse and reverse surfaces 12 and 14.

Turning next to FIG. 2, there is shown an alternative embodiment of thedocument of the present invention. The alternative document 31, as inthe embodiment of FIG. 1, includes two cards joined by an integral hinge41, card I 42 and card II 44. For the present example, the document 31could be a District of Columbia Driver's, or any other type of License.

Accordingly, the obverse faces 46, 48 include a governmental seal 50, acaricature of the bearer 52 and a coded matrix pattern 54, which, whenscanned by an appropriate device, resolves into a web address whereadditional information can be found, preferably specific to the user. Asin FIG. 1, a color pattern 24, unique to each document surface, can helpprevent counterfeiting.

An additional feature of this embodiment is a transparent and obstructedmask strip 56 of the same color as the dark magnetic strip 58. As anexample here the strip is divided into five holder specific zones whichmay be used in conjunction with an encoded display (better seen in FIGS.16 and 22) that can reveal a selected alpha numeric code combinationwhich, when entered, validates a transaction or verifies an inspectionof use specifically in card “not present” (virtual card) transactions.To preserve the integrity of the mask 56, a dark magnetic strip 58 islocated on the reverse face of the opposing card 42 so that when thedocument 40 is folded, the masking elements of the strip 56 will beobscured and not discoverable while the document or card is securelyclosed.

The interior reverse faces, reverse face of card I 60 and reverse faceof card II 62, contain information normally hidden from public scrutinyand which is exposed only when the bearer wishes to expose it. Whichinformation is on which face is a matter of choice and the faces couldbe considered interchangeable. In the present embodiment, the reverseface of card II 62 contains the caricature 52 together with an encodedmatrix 64 which, when decoded, can provide secure personal and biometricinformation unique to the bearer, preferably in an encrypted form.

The reverse face of card I has a photograph 66 of the bearer, partiallyobscured by the seal 50 to defeat facial recognition software. Anadditional code matrix 68 can include other secure personal informationincluding image and other biometric data as well as other data such asdate of birth and place of residence. Much of the same biographic and orencryption key and or checksum-data information can also be encoded andstored on the magnetic strip 58, an important function of which is toobscure the mask pattern of the transparent, segmented mask 56. Tofacilitate the use of the mask 56, indexing or positioning points 57,here shown as clear spaces on both the obverse and reverse faces 48, 62are provided. The card surface 44′ is placed uppermost against thedisplay screen of a computer, netbook, cell phone or other device whichhas an integral display screen, wherein the indexing apertures 57 can bepositioned against single use indexing marks in order that thetransparent apertures can be utilized.

Turning now to FIGS. 3 and 4, an alternative document 40′, substantiallyidentical to document 40 is shown with grommet holes 11′ in lieu of theintegral hinge 41, permitting the cards to be joined with, preferably, asecurity identifiable grommet (shown in FIG. 4). Similar, features willbe given similar reference numbers with an added prime.

As in FIG. 2, the document 40′ could be a District of Columbia Driver'sLicense. Accordingly, the obverse faces 46′, 48′ include a governmentalseal 50′ and 47, logo type text specific to the documents functionality51, a caricature of the bearer 52′ and a coded matrix pattern 54′,which, when scanned by an appropriate device, resolves into a webaddress where additional preferably individual user specific informationcan be found. As in FIG. 1, a color pattern 24, unique to each document,can help prevent counterfeiting.

An additional feature of this embodiment is a transparent mask strip 44,56, 59′ which may be used in conjunction with an encoded display (betterseen in FIGS. 16 and 22) that can reveal a selected alpha numeric codecombination which, when entered, can validate a transaction or verify aninspection. To preserve the integrity of the mask 56′, a dark magneticstrip 58′ is located on the reverse face of the opposing card 42′ sothat when the document 40′ is joined closed as per hinge 14 as depicted,the masking elements of the strip 44 and 56′ will be, as the userdetermines, either obscured or exposed.

The interior reverse faces, i.e. the reverse face of card I′ 60′ and thereverse face of card II′ 62′, contain information normally hidden frompublic scrutiny and which is exposed only when the bearer wishes toexpose it. Which information is on which face is a matter of choice andthe faces could be considered interchangeable. In the presentembodiment, the reverse face of card II′ 62′ contains the caricature 52′together with an encoded matrix 64′ which, when, decoded, can providepersonal and biometric information unique to the bearer and can act as asecure portable database.

The reverse face 60′ of card I′ has a photograph 66′ of the bearer,partially obscured by the seal 50′ to defeat facial recognitionsoftware. An additional code matrix 68′ can include other personalinformation such as date of birth and place of residence and can act asa secure portable database. Much of the same biographic information canalso be encoded and stored on the magnetic strip 58′ includingencryption/decryption key and checksum data, which obscures the maskpattern or zones of the transparent portions of mask 56′. To facilitatethe use of the mask 56′, indexing points 57′, shown as clear spaces onboth the obverse and reverse faces 48′, 62′ are provided.

FIG. 4 shows the assembled components of FIGS. 1 and 3 being conjoinedby a grommet preferably of a security and identifiable type 41′. It canbe seen that when the document or card is in the closed position thefive clear apertures 56 within the strip 59 are not perceivable againstthe matching dark background of the magnetic strip 58 which isspecifically size matched for this purpose.

FIG. 5 shows an embodiment similar to that of FIG. 1, but with an addeddocument or card element 70. The obverse face of card 1″, 72 differsslightly from the obverse face 16 of card 112. However, the card II 14of FIG. 1 can be used without modification.

Added card element 73 is preferably a laminate inserted between card I″72 and card II 14. Preferably, card element 73 is transparent with someadditional features added such as the governmental seal 28 and a matrixelement 74 which can perform the function of a secure encrypted portabledatabase specific to that document or card 70 function and may includebiometric data or templates of the holder. A plurality of viewingapertures 75, which may either be actual apertures in the card elementor may be just printed or preferably security printed within thelaminates with metallic ink circles defining the “real apertures” orotherwise. A horizontal indexing line 76 and a vertical indexing line 78near one end of the horizontal line 76 are, preferably, again securityprinted within the laminates with metallic ink. The indexing lines 76and 78 are used to align the card with an information presentation on adisplay screen so that elements of the presentation can be selected andcan serve as a secure, one time, “card not present” (virtual card)personal identification characters, which, when entered, identify aparticular user, much the same as PIN numbers.

Turning to FIG. 6, a hinged document 80 functions much in the same wayas the document of FIG. 1, in which the elements are to be joined,preferably, by a security identifiable grommet. In this embodiment,reverse surfaces can be utilized in like manner to FIG. 1, however inthis case they are hinged as in FIG. 2 with additional transparent cardelements 82, 84. Both elements 82 and 84 are constructed, preferably, aslaminates as in FIG. 5 and are respectively used to complement thereverse surfaces to provide multi functionality with one document orcard.

The first card element 82 includes a mask 86, similar to transparentmask 56. Card element 82 need not be transparent but includes indexingapertures 88 so that the card element can be aligned with a display toreveal alpha numeric characters in the mask 56 clear areas.

The second card element 84 is similar to the transparent card 70 of FIG.5 and includes the same features, such as the viewing apertures 75′ andthe horizontal and vertical alignment lines 76′,78′.

Turning next to FIG. 7, there is shown an alternative form of thedocument of FIG. 5 with a different additional inserted card 90 betweena first card 72′ and card II 14. As shown here, card II 14 includes acaricature 30, the digital information strip 38 and the digital,preferably encrypted matrix 39, which may contain data as previouslydescribed.

The inserted card 90 can include a departmental seal 26 and agovernmental seal 28. Also included are transparent alignment apertures57, a transparent mask 86 and semi transparent or obstructed components87. When aligned using 57 on a preferably touch sensitive displayscreen, it can be viewed through mask 86 to determine which alphanumeric characters on a display screen are revealed to provide a uniquevalidation code. Preferably, element 90 is constructed to be similar tothe FIG. 5 element 73

FIGS. 8-10 illustrate the use of a document 70 in completing a securetransaction. In FIG. 8, the transparent card 70 is held against thescreen of a display 100. Preferably, the display 100 includes anintegral camera 102 and microphone 104. Also shown is a keyboard 106that includes a touchpad 108 and a fingerprint scanner 110 in additionto the usual alpha numeric keys. The screen 114 is shown with aconventional cursor 116.

In FIG. 9, the screen 114 displays a matrix 118 made up, in thisexample, of various colored spheres or circles. A pair of indexingarrows 120 is shown adjacent the top of the matrix 118. During thetransaction verification process, the matrix 118 can move about thescreen 114 and the indexing arrows 120 can move vertically until allscreen movement is paused by an appropriate key stroke or touch pad“click”, at which point, the matrix 118 and indexing arrows becomestationary, with the indexing arrows 120 adjacent a selected one of therows of the matrix 118. The screen 114 also displays a caricature 122and a digital transaction confirmation trigger matrix 124.

At the next step in the transaction, after the matrix 118 is paused, thetransparent card 70 is placed over the screen 114 and the vertical line78 is placed adjacent the edge of the matrix 118 and the horizontal line76 is aligned with the indexing arrows 120. The apertures 75 will thenbe aligned with selected spheres of the matrix 118 elements, which whencursor 116 is maneuvered over them and clicked, will, on completion,activate a confirmation code combination. If the screen 114 is a touchscreen, an operator digit or stylus movement may be tracedand may beused to record the time pattern sequence by the operator to touch eachof the revealed variable colored spheres to enable a system recognizedaccess code or one time pin

Alternatively, the cursor 116 can be drawn under each aperture and theselected character may be clicked.

When all of the revealed code characters have been identified, in apreferred embodiment of the system, the caricature image 122 can bedragged over the digital trigger matrix image 124. The integral camera102 can then take an image or sequence of images of the user and, withthe predetermined triggering of the matrix with the caricature of theintended user, the image of the user and the confirmation code can betransmitted to an appropriate organization where the confirmation codeand image can be verified. If verified, the transaction is consummated.The transaction can range from a travel authorization or a visa to atransaction with a vendor of goods or services, as well as the issuanceof a high density code or a virtual card which may have a single ormultiple use functionality which, when displayed at a terminal or readerof any type, can provide verification and authentication, which canpermit entry, payment or other useful purpose. The dragging of acaricature image 122 over the digital trigger matrix image 124 providesthe basis for consistent positioning of the user for imaging and, whereappropriate, be used subsequently for prosecution of fraud, inasmuch asall transactions are biometrically bound to the user and the customerwith transaction specific encryption, decryption keys.

FIGS. 11 and 12 illustrate a similar transaction utilizing a “smart”cellular phone 130 that has a touch screen 132, a camera 134 and afingerprint scanner 136. A document similar to that shown in FIG. 5includes a transparent card 70 which can overlay the smart phone screen132 for a transaction. As shown in FIG. 12, the matrix pattern 118 ispresented and may, until paused, move about the screen 132.

As in the previous example, the phone screen 132 displays the matrixpattern 118, the caricature 122 and the digital matrix 124. Whenproperly aligned over the matrix 118, the apertures 75 will selectivelyreveal to the user the appropriate images that correspond to thesecurity or confirmation code. When these are selected, using a stylusor finger pressure, the transaction can proceed. The camera 134 willcapture the image of the user when, as required, the caricature image122 is dragged over the digital matrix image 124 to initiate thetransaction. Shown is a submit button 126 for use as may be necessarywithin the transaction. It may also be necessary to utilize functionkeys of the phone 130. The dragging of caricature image 122 over thedigital trigger matrix image 124 provides the basis for consistentpositioning of the user for imaging. If fraud is involved, the image cansubsequently be used in the prosecution as all transactions arebiometrically bound to the user/customer with transaction specificencryption, decryption keys.

On completion of the transaction, a receipt image or virtual single ormultiple use card may be stored in the phone or secured within a virtualwallet contained as an application within such a phone or other suchuser controlled device, 130 to be displayed to an appropriate detectorwhich will be able to recognize the image as a proper authorization foran action or procedure. For example, the receipt may be a boarding passfor an airline or an authorization for a withdrawal of cash from an ATMmachine.

FIGS. 13 and 14 illustrate a secure transaction at an ATM machine 140. Aintegrated security camera preferably with thermal infrared capability142 is provided for surveillance to assure that the user is not under athreat or duress or using disguise techniques such as holding a facereconstruction, mask, mannequin or other ruse to defeat the biometricidentification data gathering equipment as deployed. The ATM machine 140is also equipped with a camera 144 and, if stereoscopic or threedimensional images are desired, a second, stereo camera 146 will enablethe detection of three dimensional images which might be used tosimulate the appearance of the bearer of the document. A thermographicinfrared detector 148 can also be utilized to provide biometricinformation and to detect the presence of facial prostheses which may beused to create a disguise or other subterfuge. A microphone and speakercombination 149 allows voice communication or video conferencingcapability with a system operator or manager.

As with a computer, the ATM 140 can also be equipped with a keyboard150, a touchpad 152 and a fingerprint scanner 154. The display 156,which may be a touch screen, displays, after the user has beenidentified to the ATM machine 140, possibly through the use of anappropriate digital matrix pattern 74 on the document 70 which isscanned by camera 144. The moving digital matrix 118 is displayedtogether with the caricature 122 of the user and the digital matrix 124.

With the digital matrix 118 image paused, the transparent card 70′ canbe aligned with indexing arrows and the confirmation code can beascertained. As in the earlier examples, the individual code charactersare selected and the caricature 122 is dragged and dropped on thedigital matrix 124. The user's image is taken by the cameras 144, 146 incombination with cameras 142 and 148 as a part of the transaction recordand a desired amount of cash can be dispensed through the dispenser 158.

FIGS. 15 and 16 show the construction of a typical document FIG. 15including FIGS. 15A, 15B, 15C and 15D show the important layers in alaminated card 160 that includes an RFID circuit. In the preferredembodiment, there are six layers with the outermost layers being clear,wear resistant plastic.

The second layer 162, shown in FIG. 15A would be the obverse layer, hereillustrated as a possible District of Columbia Driver's License. A nextlayer 164 would function as a Faraday cage and can either be a wire meshor a layer imprinted into a mesh pattern with metallic conductive ink166.

A fourth layer 168 is the RFID circuit 170 which can be printed using aconductive ink. If desired, a two part antenna circuit can be integratedand would be inactive under normal circumstances but can be activated bya user applying and maintaining pressure on a tactile detectable domeswitch 172 through layers 1, 2 & 3 which is deactivated by manualrelease of pressure on the dome. Such a switch would make the RFIDcircuit normally inoperative and would require manual manipulation tocomplete the circuit and allow the RFID circuit to respond tointerrogation at the total discretion of the user.

As seen in FIG. 15D, the layer which is to be the reverse surface 174can be imprinted preferably using a metal ink [0012] in reverse on aclear substrate. The reverse surface 174 can include features (inreverse) such as the magnetic strip 58, the photo 66 and the code matrix68. Preferably all laminates are constructed of fluid resistant flexiblematerial and that, if bent or semi-deformed, will return substantiallyif not completely to its original finished shape or contour.

FIG. 16, including FIGS. 16A, 16B, 16C and 16D shows the construction ofa card 178 containing a mask area 56 for acquiring authorization codes.The outer surface layers would be clear, wear resistant plastic. Asecond layer would be considered the reverse layer for this document andcontains, for example, such features as a caricature 52 and a codematrix 64.

A next layer 176 is either a conductive mesh or a printed mesh 178 usingconductive inks to act as a Faraday cage for this document. As can beseen, each of the layers includes the mask 56 with clear areas throughwhich authorization or confirmation code characters could be seen. Inpreferred embodiments, each clear area could accommodate one or morecharacters which could be placed anywhere within the area. In oneembodiment, four or even five characters positions 86 could be found orlocated in a single area, each in a different part of the area.

The next layer 180, (shown in FIG. 16C) contains an RFID circuit 182,similar to RFID circuit 170 of FIG. 18B wherein a side slider switch isprovided to enable the RFID to be holder determined as always “on” oralways “off”. The next layer 184 has the reverse printed obverse layerof the document including reverse prints of the caricature 52′ and thecode matrix 54′. Preferably all laminates are constructed of fluidresistant flexible material and that, if bent or semi-deformed, willreturn substantially if not completely to its original finished shape orcontour.

Using the above domed pressure switch controlled RFID and the slidertype switch in combination within the same card as FIG. 2, 3, 4, 5, 6,or 7 provides a remarkable combination of user determinablefunctionalities within the single document or card.

FIG. 17, including FIGS. 17A, 17B and 17C illustrates an alternative useof the smart cellular phone 130 shown in FIGS. 11 and 12. Here a“virtual card” 400 which may be issued by an entity as a companiondocument to a physical card in any of the previously described formswould replace the need to carry the physical document disclosed abovebut retains the security and operational features of the above describedreal document.

Useful biometric identification data acquisition, particularly in anunsupervised environment, presents particular difficulties. Accordinglythis invention utilizes a technique that insures the rightful owner ofthe card is, by task repetition, self pre-positioned for a camera, insimilar manner to so called key stroke recognition, at the times whenuser verification is required to activate the virtual card.

In FIG. 17 A the card 400 has a caricature 52 of the individual and atransaction specific security coded matrix trigger 401 which whendisplayed to a merchant would activate their terminal for subsequent useas per FIGS. 9, 10 with a virtual card issued by the card entity to thevendor for the virtual card holder's subsequent use. The vendor'sterminal may require the completed transaction to conclude with the cardholder dragging the displayed caricature over the transaction specificsecurity coded matrix trigger. This activates the terminal's camera orcameras to collect an image or sequence of images or derived templatesthereof and transmit all that data to the entity. On completion of asuccessful transaction, the entity would forward to the card holder'svirtual card holding device 130 their receipt which may be in the formof a single use or multiple use matrix, which would be linked to thevirtual card holder's biometrics. This could be required should thereceipt be used as a boarding pass by, for example, the Department ofHomeland Security or other agencies of the government.

In another method of use, the complete transaction can be initiated andcompleted via the virtual card holding device 130. After the virtualcard holder opens the virtual card 131 via an application on device 130a card transaction with the virtual card issuing entity 135 isillustrated by one such potential entity, namely an entity that conductsa ubiquitous universal biometric authorized and validated service to itscustomers but this could apply to a single card provider who each issuesits own individual virtual cards in like manner.

A transaction is activated by initiating the displayed card's Openbutton 131. Thereafter, one such transaction could be with an aircarrier that is required to interface with the US TSA for US domesticair passenger identification and travel authority. Accordingly thetransaction may be conducted via several screens leading to FIG. 17Bwhich initially displays 131, 135, change 137, save & enter, open 131buttons and text 137. This screen is further used by activating theverification and validation transaction specific security coded matrixtrigger 124 which is activated by dragging caricature 122 and droppingit over matrix 124. During this process, the device's camera or cameras134 then collect an image or sequence of images or derived templatesthereof and transmit all that data to, in this case, the entityinterfacing with the TSA or directly.

On a satisfactory result, further display 400 is added with which isincorporated an active matrix relative to the template locators 57. Thetransaction continues in one of three ways, one button “save & exit” 139is activated which terminates the transaction at that point to beresumed at a later time. Two, “change” button 137 is activated whichresults in another template 400 being issued, or. Three, the template409 active matrix 141 is activated by touch, stylus, or cursor click.

Subsequently an active screen 120, as seen in FIG. 17C, is displayed aspreviously generally discussed FIGS. In 9 and 10 wherein locator 120randomly moves about and is stopped on the user's selection byactivating the transaction matrix 141 which stops locator 120 movement.The template is then dragged into alignment with locator 120 asillustrated and the displayed colored spheres are activated via thetemplate 75 locators. The system then recognizes the allocated alphanumeric code relative to matrix 141 against the position selected bylocator 120. When the card holder completes this “card not present”action caricature 122 is dragged over active matrix trigger 141 whichagain activates biometric camera sensor 134 as previously discussed. Asuccessful transaction is indicated, preferably, by the addition oftheir departmental seal 407 or further biometric identification may besignaled to be submitted via finger print sensor 136. Actuating the“submit” button 405 terminates the transaction.

Thereafter, as previously discussed, a virtual receipt or pass may beissued that bears the respective caricature. A single or multiple useactive matrix, is required as to the requesting individual's use ofrespective entities system or network of systems. Preferably, acaricature 122 of the expected card holder is displayed together with atransaction encrypted security matrix issued for the next appropriateuse.

For additional security purposes, a fingerprint may be required to bescanned by the scanner 136 and a photo image can also be taken by thecamera 134 before any transaction commences. Should it be necessary, the“open” button remains inactive until this action is completed at whichtime it is illuminated to signal that the required biometric data hasbeen collected. Thereafter, the transaction proceeds after the “open”button is touched on screen 132. This touch results in the transmissionof the fingerprint and photo for biometric recognition and, whenrecognized, a transaction screen is presented, as shown in FIG. 17B.Thereafter, all actions are the same as the above.

Again, on completion as above, a confirmation receipt of a successfullycompleted transaction can then be sent to the phone for later use. Ifthe transaction sought is a travel authorization, the stored receiptcould later be used at embarkation and or debarkation points to permitaccess to the facility, transport vehicle or other appropriate uses.

FIG. 18, including FIGS. 18A and 18B, shows alternative RFID deviceswhich can be separate documents on a card that can be inserted into oron a laminate of the card of, for example, FIG. 2, 3, 4, 5, 6 or 7. TheRFID device 190 of FIG. 18A is provided with a dome 172 to activatepressure switch 192 which is normally open and, accordingly, interruptsthe antenna portion 194 of the RFID circuit. Manual pressure on theswitch 192 completes the circuit, allowing the RFID circuit to respondto interrogations.

Similarly, the alternative RFID device 190′ of FIG. 18B is provided witha slide switch 196 which interrupts the antenna portion 194′ of the RFIDcircuit, thus disabling it. When the slide switch 196 is closed, thecircuit is completed and the RFID circuit can respond to interrogations.Using the slide switch 196 permits the RFID circuit to be in an activeor inactive state without the need for maintaining pressure on a switch.

An official Government Seal 28′ or corporate icon 51′ can be securityprinted with metal ink for authentication purposes and may have animbedded coded number.

FIGS. 19-22 illustrate the steps in a secure transaction utilizing adifferent form of an authenticating or confirming code while utilizing adocument as in FIG. 4 and a touch screen display as shown, for example,in FIG. 8. In FIG. 20, a group of indexing elements 200 are displayed toenable alignment with the indexing apertures 57′ so that the mask 56′can be used to find the characters comprising a confirmation code.

In FIG. 21, the display shows a matrix of numbers which also could bealpha numeric characters 202 which includes the confirmation codecharacters. In FIG. 22, the card II 44′ is placed against the screenwith the indexing apertures 57′ aligned with indexing elements 200 sothat the mask 56′ displays only the characters of the number matrix 202making up the confirmation code, in this example, the numbers 795284. Asnoted earlier, the characters can appear in any area of the mask 56′windows and, more than one character can appear in a window.

FIG. 23, including FIGS. 23A, 23B and 23C illustrate a similartransaction using a smart cellular phone such as previously describedwhich includes a camera and a fingerprint reader. In FIG. 23A, atransaction is started by contacting a web site which transmits thecaricature image 52′ of the user and an image of a digital matrix 64′.If the caricature 52′ is dragged and dropped over the matrix 64′, thecamera 134 takes an image of the user and transmits it back to thewebsite. If the user is verified, a new image is transmitted as shown inFIG. 23B.

The new image includes a virtual card 204 which includes a caricature52′, indexing apertures 206 and a virtual mask 208 with individualwindows 210. Also present are indexing elements 200′ and a confirmationmatrix 202′. The virtual card 204 can be positioned so that the indexingapertures 206 align with the indexing elements 200′. This places thecharacters constituting the confirmation code into the windows 210 ofthe virtual mask 208 as seen in FIG. 23C.

By moving the virtual card 204, a partially obscured photo image 212 ofthe user is revealed. As before, the confirmation code, here 795284 isselected with a stylus and a transmit key on the phone is accessed,transmitting the information back to the web site. As before, a photomay be taken to maintain a record of the user of the phone at the timethe transaction was consummated.

Considering the safety and security of transactions using the conceptsof the present invention, whether with real or virtual documents, yetadditional applications have been made possible. A user controlled“virtual wallet” or “purse” in which several different entities' virtualcards can be securely kept collectively and used only when the rightfulowner chooses. This aspect takes on particular importance should thedevice holding the cards be lost or stolen. “Virtual” credit or otherentity cards, in addition other user credentials, may be created assecure files and subfiles in a remote server accessible securely throughthe internet by their own user or individual owner being able to effectthe creation of a personal virtual card with its own uniqueencryption/decryption trusted key exchange for the user's personal use,Such virtual accessible documents could be a birth certificate, marriagecertificate, deeds to property, and any other valuable document whosepresentation may be required.

Such a key exchange may involve the use of multiple encrypted andre-encrypted session key exchanges and which may be triple or more timeskey transfer sequences to ensure system integrity throughout alltransactions. At least one of the keys used may be biometrically based,being derived from the user's biometrics.

These security steps are taken in order to facilitate an evidentiarychain of accountability for later use should that be necessary in alegal proceeding. Contacting the server and establishing identitythrough the use of a smart phone with fingerprint scan capabilities anda camera can retrieve an identity verification document.

As shown in FIG. 24, which includes FIGS. 24A, 24B, 24C and 24D, thevarious steps in such a transaction are illustrated. A “smart” cellulartelephone 130 with touch screen 132, such as is shown in FIG. 11, isemployed in the present example. A camera 134 and a fingerprint reader136 provide biometric verification as the identity of the user isconfirmed. An opening display for the process can include a caricature30′ and a digital matrix 32′. In the embodiment, the process is begun bydragging the caricature 30′ over the digital matrix 32′ which transmitsa signal to provide the next screen as shown in FIG. 24B, as well astaking a picture & or an iris image of the phone user via camera 134.Alternatively, a finger scan 135 or a voiceprint from microphone 133 maybe used alone or in any combination.

In FIG. 24B, a confirmation matrix 202′ is displayed and supplies thenecessary confirmation characters to the virtual card 204′ which hasindexing apertures 206′ and a mask 208′ with which to view theconfirmation code which is a onetime PIN. The code characters arerevealed when the indexing apertures 206′ are superimposed over theindexing elements 200′. The clear windows in the mask 208′ display theconfirmation code characters, here the number 795284. As in the otherexamples, the confirmation code characters are selected with manualtouch or with a stylus and the information is transmitted with, ifdesired, the photo of the user.

The server or onboard processor acknowledges receipt of correctconfirmation code input supported by biometric evidence by displaying,if correctly entered, the virtual “wallet”. If confirmed, the “wallet's”clasp 207 will open as shown. The virtual wallet can now be dragged openor for privacy may be dragged closed or opened again without locking itat any time. FIG. 24D, shows an open virtual wallet 214 together with acaricature 30′ and a digital matrix 32′. The user can then select avirtual credit card or other virtual document contained within thewallet 214 to enable a subsequent secure transaction.

At the conclusion of the owner's use, the virtual wallet 214 is draggedclosed and the clasp 207 double tapped or clicked to lock it, at whichtime another photograph may be taken to memorialize the action. Thevisual impact of the easily visible clasp position, indicating thesecurity or accessibility of the virtual cards contained therein, is asafety feature that cannot be underestimated, particularly forindividuals that may be, in part, visually impaired. Of course allfunctions that are satisfactorily accomplished may be accompanied byfunction distinctive vibrations and sounds.

All transactions for the user's audit benefit can be date time stampedand encrypted within all records that the user chooses to maintain.However, the virtual cards provided by entities other than the virtualwallet owner are not accessible unless the entity provides thatauthority within the foregoing described process.

Turning next to FIGS. 25 and 26, they illustrate a secure transactionusing a computer display 220 and a virtual card. The computer display220 is preferably a touch screen. In FIG. 25, there s shown on thedisplay 220 an image 222 of a document substantially similar to thevirtual card 204 of FIG. 24 which is to be used in substantially thesame way. Also shown on the display 220 is a caricature 30′ and adigital matrix 32′. For this phase of the transaction, indexing elements200′ are also displayed.

In FIG. 26, a confirmation matrix 202′ is displayed and, when covered bythe mask portion of the virtual card image 222, reveals a confirmationcode when indexing apertures 206′ are aligned with indexing elements200′. In this example, the confirmation code is 79584.

As with the other examples, the code can be entered by touching thedisplay 220 at those numbers. The transaction can be completed with theprovision of a virtual “submit” button on the display 220 or by anyother predetermined combination of image movement or manual activationof the display 220.

Turning now to FIGS. 27A, 27B and 27C. there is shown sequenced actions2700 progressing from left to right, to create a password type accesssequence to an operating system or application that can be accreditedwith operator verified status. This sequence is designed to be input ona touch sensitive or similar display unit such as a smart phone ortablet PC, but can also be used with a traditional type mouse controllerfor a device without touch sensitive or other gesture detectingcapabilities.

In FIG. 27A, there is shown a virtual masking screen template 2701,which is size adjustable by the operator. The process begins in theactive screen area 2702 using for this process. preformatted colorsphere matrices 2704, 2406, 2408 in various color spectrums which areselectable by the operator to suit its own color acuity. A customformatted matrix 2710 is operator created. The selected matrix 2704 isdepicted within the template being four by six colored spheres as anexample but may be more or less in number. The operator can select thenumber of points (indexing elements) 2712 required for the accesssequence, from a minimum of two but potentially to 16 or more. Here, theoperator has selected five (5) indexing elements 2714 for the matrix.Within the template 2701, the operator selects the locations 2715 of thefive indexing elements. On the selection of the final element, the colorspheres are concealed.

In FIG. 27B, from the available size templates 2716, the operatorselects the size for the five indexing elements or targets of thedesired matrix choosing the next to the largest sized active indexingelement 2718 from a choice ranging from a size equal to full sized colorsphere to a reduced size target. Selecting the larger size providessimpler input but with a lower entropic value. Selecting the smallesttarget size requires greater accuracy with a more challenging input anda higher entropic value. The operator next selects the input order 2720of the indexing elements. This can be all indexing elements or a reducedset to allow for drag and drop functionality of any or all of theelements. As shown is four indexing elements have been selected.

In FIG. 27C, the operator has elected to use drag and drop functionality2724 for the final two indexing points, from location 2728 to location2730. A menu 2722, containing preformatted and customizable templates2726 for drag and drop functionality. The operator has selected option2724 from the menu and must then identify the starting point 2728 andend point 2730. Once the start and end points of the gesture areidentified, the operator must then perform that function on the screen2725.

In FIG. 28A, the five selected colored spheres become visible at theselected indexing locations 2802, 2804, 2806, 2808 and 2810. Theoperator confirms the input sequence 2812 using the colored spheres,including drag and drop function. In FIG. 28B, an additional securitymeasure can be implemented in the form of sequential cadence, being thespeed, length of contact, gesture and pause between each indexinglocation. Additionally, the operator may elect to use each location morethan once for this feature. A display 2814 of the operator's enteredcadence uses identifying characters to represent the relative coloredspheres where “A” represents location 2802, “B” represents location2804, “C” represents location 2806, “D” represents location 2808 and “E”represents location 2810. The length of time both in contact and pausecan be seen, including a long solid contact for the drag and drop actionbetween location C and location E. In this example the operator hasentered location 2802 once, location 2804 four times in quicksuccession, location 2806 once, location 2808 once, then utilized dragand drop between location 2806 and location 2810 and a final ‘tap’ or‘click’ at location 2810. To complete setup, the operator must thenconfirm the sequence in FIG. 28B by repeating the input sequencecorrectly. Upon successful completion, the device, operating system orapplication will be unlocked as depicted in FIG. 28C.

In FIG. 28C a group of application icons 2816 are displayed, unlocked bythe foregoing described login sequence. Two applications requireadditional security for access, a Virtual Wallet application icon 2818for financial cards and transactions and a Virtual Vault applicationicon 2820 for secure documents such as Marriage or Birth Certificates,Passports or Visa documents and the like. These applications can only beunlocked with any user controlled input sequence as previouslydescribed, being simpler or more complex as desired. For any of theseproposed uses, any or all of the outlined features or options can beused independently or together at the operator's and/or operatingsystem/application manager's discretion. A sector 2822 is a shortcut toinstantly lock the device, pausing any transactions and saving thedevice's state prior to locking. This is independent of the device'sshutdown. Other security features for compatible devices could be theability to invert a handheld device or set a physical shortcut button oran emergency alert tap sequence that when entered may in addition to theforegoing initiate a covert background alert, contact or record oractivate a camera or location function.

Turning next to FIGS. 29A, 29B, 29C, 29D and 29E, a series of screens2700′ are shown which illustrate and extend the functionality describedin FIGS. 27 and 28. A menu 2902 contains a selection of stock images orthe option to select from the user's own images an alternativebackground to the colored spheres described in FIG. 27. This optionallows the operator to select images that suit personal color spectrumacuity and to utilize memory prompts from the selected image which theoperator may insert or modify in order to recognize and select itspecifically if presented as a choice between it and the original image.

For an example, the operator selects an image 2904 from the availablemenu 2902 which now includes the operator modifications to uniquelydifferentiate it to the operator from the original image to appear onthe screen 2906 of the device. FIG. 29B to FIG. 29E follow the sameprocess as previously described for the colored spheres of FIGS. 27A,27B, 27C and FIGS. 28A, 28B, 28C with the only difference being aoperator selected and preferably operator modified image in order toassist in the ability to recognize and select it specifically ifpresented as a choice between it and the original image at a later timeas the background image in the place of the spheres. An image may beused by an operator to either facilitate a more complex input sequenceor to simplify the process by using memory jogs of the picture asopposed to colored spheres.

Turning to FIG. 30A, being an extension of the functionality describedin FIGS. 27, 28 and 29, there is shown a series of screens 2700″ A menu2902′ contains a selection of stock images or the option to select fromthe user's own images, an alternative background to the colored spheresdescribed in FIG. 27. This option allows the operator to utilizepersonalized memory prompts from the selected image. For this example,the operator has selected an image 2904′ from the available menu 2902′which is a cartoon that will now appear on the screen 3002 of thedevice. The option of an operator selected cartoon or image also allowsthe potential to add custom elements to the image through a modificationmenu (not depicted). This would be a further aid for memory retention ofcomplex custom designed gestures resulting in an access sequencepassword with an extremely high entropic value while retaining operatorsimplicity and speed of use.

The operator's selected indexing elements 3004, as described in FIGS.27A and 27B are shown here. The indexing elements are represented astriangles rather than crosshairs, as they are more suited to a picturebackground. The operator can select the size of the indexing elementsfrom a menu 2716′, similar to that described in FIG. 27B. As theindexing elements are placed in selected locations 3006 and aredisplayed on the screen, the triangle shaped indexing elements 3004 arehidden, revealing the image locations which the operator has selected.In this example the operator has chosen index location pointsrepresented by sections of tree, a bird in the sky and the door handleof the depicted car. A gesture menu 2722′ allows the operator to createa custom gesture sequence with a start point 2728′ and an end point2730′ for the custom gesture on the screen. The menu 2722′ can thenprovide visual, audible and/or haptic feedback, according to operator'ssettings as confirmation.

The operator selects a custom gesture 3008 from a menu 2722′, whichcould be performed on the touch sensitive screen of a device by gestureor by another pointing device. The menu can then provide visual, audibleand/or haptic feedback according to operator's settings as confirmation.

In FIG. 30B, the selected custom gesture 3008 is depicted in thepreloaded templates of gesture menu 2722′ of FIG. 30B. Once the operatorconfirms the gesture is correct, it is now stored in this locationpermanently and available for future use as shown in the third screen ofFIG. 30A. The cadence menu 2814′ of FIG. 28B, in this instance, has notbeen elected for use by the operator. A confirmation of the accesssequence must then completed to finalize setup before the device can beunlocked as detailed at FIG. 28C.

Turning to FIG. 31A, the process of unlocking a secure application inthe device, having already successfully entered the access sequencepassword for the device and its operating system is depicted. The device3012′ is shown in an unlocked state. Depicted on the screen are a numberof applications icons as explained in FIG. 28C. The applicationrepresented by icon 3112 is locked irrespective of the unlocked state ofthe device, this application being the Virtual Vault, as detailed inFIG. 28C.

FIG. 31B depicts the login or access screen which is invoked to open theapplication. This screen is accessed by selecting icon 3102 in FIG. 31A.A series 3104 of personally selected colored spheres as outlined in FIG.27 is displayed. In this instance the operator has previouslyestablished an access sequence password for the application and one mustinput this sequence to unlock the application. As with the deviceoperating system, all, some or only one aspect of the access sequencesetup need be adopted as the operator deems appropriate forrequirements.

In FIG. 31C, the Virtual Vault application is shown unlocked with aseries of options on the screen. A simple instruction to select adocument is shown as a command 3106 on the screen. A shortcut 3108 isdisplayed, which, when accessed, quickly secures the Vault if theoperator is disturbed whilst accessing a potentially secure document. Afiling cabinet icon 3110, when selected, will open a gallery of thecontained documents, which could include but is not be limited toDriver's Licenses, Birth Certificates, Marriage Certificates, Passportsor Visa documents.

Referring back to FIG. 31A, there is a similar locked icon 3112 for aVirtual Wallet application which, when accessed would permit use ofstored financial documents which could permit credit or debit cardtransactions or permit banking or similar transactions. The accesssequence password could be the same as that for the Virtual Vault oranother independent completely different password. As before, all, someor only one aspect of the access sequence setup need be adopted as theoperator deems suitable for its requirements.

In FIGS. 32A and 32B, an alternative embodiment of a Multiface Documentis shown. There is shown the Obverse Surface 3202 of Card I and theReverse Surface 3204 of Card II. A grommet 11′ holds Cards I and IItogether securely but preserving the ability of the cards to rotateabout the grommet 11′.

For added security, an identifiable sealing grommet 3224 can be combinedwith or can modify the grommet 11′.

A Public Key Infrastructure (PKI) cryptographic key 3206 is shown as atwo dimensional barcode or matrix form which has been issued by anentity with which the holder has a relationship. This PKI is machinereadable in order to effect secure transactions or communication betweenthe individual and the issuing entity. In this reading process the 2Dbarcode or matrix would appear on the utilized device's display. A NearField Communication (NFC) RF chip 3208 is included to effecttransactions by the individual and the issuing entity. On the reversesurface 3204 of card II there is provided either a conventionalread-only or reprogrammable magnetic stripe 3210 with onboard processorcapabilities, allowing it to reprogram itself after each use. Each typeof magnetic stripe 3210 is vulnerable to damage and both containsensitive data related to the holder if copied and accordingly beenplaced on the protected reverse face of card II. An internal faradaycage 3212 is inserted to the rear or closest to the obverse cardsurfaces to protect the NFC chip 3208 and the circuitry of the magneticstripe at 3210 from being compromised by unauthorized access.

In FIG. 32B there is shown the Reverse Surface 3214 of Card I and theObverse Surface 3216 of Card II. Also shown is the grommet 11′ and theidentifiable sealing grommet 3224. A second Public Key Infrastructure(PKI) cryptographic key 3218 in two dimensional barcode or matrix formissued by an entity with which the holder has a relationship. This PKItwo dimensional barcode or matrix is machine readable in order to effectsecure transactions or communication between the individual and theissuing entity. In this reading process the 2D barcode would appear onthe utilized device's display.

A second Near Field Communication (NFC) RF chip 3220 to effecttransactions by the individual and the issuing entity is placed in cardI. Also on the reverse face of card I is a second either a conventionalread-only or reprogrammable magnetic stripe 3222 with onboard processorcapabilities allowing it to reprogram itself after each use. Each typeof magnetic stripe is vulnerable to damage and has accordingly beenplaced on the protected reverse face. An internal faraday cage 3212′component is placed closest to the external or obverse surface toprotect the second NFC 3220 and the circuitry of the magnetic stripe3222 from being compromised by unauthorized access. Due to the locationof the NFC chips 3208 and 3220, a partial opening of the MultifaceDocument is possible, meaning only the desired NFC is unprotected by thefaraday cage at any one time during use.

Such a document does not need to incorporate all of the depictedfeatures, and could also include other features as required by anissuing entity in order to be used retrospectively with legacyequipment. Furthermore, such a document could be used in a tamperevident delivery environment function to issue both Public and PrivateKey data in a cryptographic environment that, for example, uses a PublicKey Infrastructure between individuals or an individual and an issuingentity or to effect the confidential exchange of othersymmetric/asymmetric key issues in order to effect trusted digitalsignatures between parties in lieu of delivery by, for example,diplomatic exchange.

Referring now to FIGS. 32C and 32D, there is shown a mini-sizedMultiface Document for convenient carriage or concealed operation. Aminiature form 3226 of the cards of FIG. 32A, is shown, in thisinstance, lacking a magnetic stripe. Similarly, a miniature form 3228 ofthe cars of FIG. 32B, is shown also lacking a magnetic stripe. This cardis intended to be used in like manner as FIGS. 32A and 32B, and may becarried on a key-ring or as a fob.

Turning now to FIGS. 33A, 33B, and 33C. there are shown alternativebarcode or matrices. For example, in FIG. 33A, the reverse surface ofMultiface Document 3204′ (similar to that shown in FIG. 32A), includes2D Barcode or matrix 3206′ which may include a PKI Key in addition toother sensitive information.

FIG. 33B, shows a 2D Barcode or matrix 3206′, but indicates the fourpositioning markers 3304. A mask 3306 can be placed on a lamina that ispositioned over the bar code to obscure the barcode on the screen of theoperator's device scanning the code. The code itself is obscured toprevent it being scanned or copied by a possible third party either bycovert device or screenshot.

At FIG. 33C, the obscured code 3308 is depicted on the screen of a“smart device” 3318, such as a mobile phone or tablet or pc which hasbeen preloaded with the obscuring template as part of the applicationthat reads the barcode. This would obviate the necessity of an obscuringlamina

At FIG. 33A, another form of barcode or matrix 3310 is depicted as anexample of other types of matrices, all of which are or could be used inlike manner. In FIG. 33B, a series of indexing lines or positioningmarkers 3312 are shown, similar to the positioning markers 3304, but ina different form.

The generated mask 3314 for this type of barcode or matrix 3310, whendisplayed on the screen of the operator's device scanning the codeobscures the code itself to prevent it being scanned or copied by apossible third party either by covert device or screenshot. In FIG. 33C,the obscured code 3316 is shown on the screen of a “smart” device 3318,such as a mobile phone or tablet pc which has been preloaded with theobscuring template as part of the application that reads the barcode.

FIGS. 34A and 34B show yet another alternative Multiface Documentsimilar to that shown in FIG. 1. In this embodiment, there is included atransparent document 3402 containing a visible faraday cage which isinterleaved between the reverse surface of Document I and the reversesurface of Document II. This is done to protect the contained RFresponsive ICCs, NFCs or RFIDs or any readable surfaces contained on orin Document I or Document II. This transparent portion may also includeindexing capabilities as a substantially clear document which will havelittle or no effect on a visual display screen or device, particularlyif the display is of a touch sensitive type. An NFC 3404 or othercontactless chip on reverse face of document II is protected by anembedded Faraday cage 3408 between it and obverse face of document II.The chip's 3404 location 3406 is shown in dashed lines on the obversesurface of Document II, concealed beneath an embedded faraday cage 3408Should a chip be embedded in Document I in addition to Document II, anidentical, embedded faraday cage would be specified in each.

Yet another embodiment of the multiface document is shown in FIGS. 35A,Band C, wherein there are two obverse and two reverse surfaces, butaffixed in a fashion that it is intended to be used as a singledocument. The reverse surfaces of the document are only accessible toauthorized parties which could include technicians of the issuing bodyof the document. Further, should the reverse surfaces be exposed byunauthorized parties, security features will ensure that the tamperingis evident and the card becomes unusable. These security features caninclude light sensitive inks and interdependent circuitry and inconstruction would preferably be laid down starting with the reversesurface as each documents base and built up from there where metallicink/paint may be used or metal deposition to create the internalstructure.

Obverse Face I and Reverse Face I of the document could potentially beissued by one entity and Obverse Face II and Reverse Face II by a secondentity who by agreement intend the functions to be utilized as aco-joined multiface document. Both documents could also be issued by thesame entity, for example, to access two or more different services orprovide increased functionality over a traditional dualface document.The Obverse 3502 of Document I includes all of the features that wouldtraditionally be included on the two surfaces of a standard dual facedocument. These include an image of the bearer 3504, NFC logo 3510, amagnetic stripe 3518, a 2D barcode 3408 and NFC or RF chip and itstransmitting antenna 3514. A predetermined non-faraday cage protectedarea 3506 is provided in order that the NFC or RF chip on Reverse II3552 may be read through Obverse I 3502.

A faraday cage 3512 is embedded between Obverse I 3502 and Reverse I3520 and above the containing layer 3526 of electronic circuitry. Aconcentrated faraday cage screen 3516 is placed above the RF chip andits antenna 3514. Apertures 3524 at points on Reverse I allow unimpededRF communication through these points only. Circuitry 3526 is laid downby metal ink or deposition applied to surface 3520 to create metalstructures. A combined Obverse Reverse of Document I 3530 displays allfunctions and circuitry from both Faces of the Document.

FIG. 35B shows, in this example, a document identical to that displayedin FIG. 35A, but designed to work in concert with Document I whenco-joined. FIG. 35C depicts the two Documents being co-joined by ReverseI and Reverse II. The co joining may incorporate an invisible hinge 41.as depicted in FIG. 2, The invisible hinge 42 can also facilitatecommunication and, if necessary, be a power link between Document I andDocument II. The finished Multiface Document will have the samedimensions including depth as a conventional financial institution dualface documents, allowing compatible use with all existing technology andfunctions.

Thus there has been disclosed a novel document having a plurality ofsides, most of which are normally concealed. The document includesfeatures that are images that are sufficiently degraded so as to defeatfacial recognition equipment yet not so degraded as to prevent a humanobserver to confirm that the image is that of a legitimate bearer of thedocument. Real images of the bearer on the concealed side arestrategically covered with a non transparent official seal thatobstructs enough of the image to substantially defeat face recognitiontechniques but sufficiently exposed to facilitate human confirmation ofthe holder.

Other features include masks that can be used with displays to selectauthorization or confirmation code characters from a matrix ofcharacters. The documents can also include magnetic strips and othertypes of machine readable lines of text which can store informationabout the person with whom the document is associated and informationstrips containing data susceptible to optical scanning

The document can have embedded an RFID processor circuit or a pluralityof RFID processor circuits, any one or all of which can be interrogatedand, alternatively, the RFID processor circuit can be made operable orinoperable by the bearer.

Moreover, the document need not be a physical document but can exist asa virtual document which possesses the features of the real document andwhich can be used in a similar fashion in conjunction with computer orother machine displays or with smart cellular telephones or the like.The telephones and displays can have, associated with them, cameras,fingerprint scanners, thermographic infrared sensors and other devicescapable of acquiring biometric information about the authorized beareras well as reading high density data images from other documents in bothreal and virtual displays.

All of the foregoing embodiments may utilize computer, smart phone orthe like with specific applications that, during the loading sequence,will incorporate the identification data of the device, including itsdisplay size and features such as touch sensitive, as well as that ofthe authorized user or users should there be more than one. Thisfacilitates specific verification and or authentication sequences thatwill facilitate speedy transactions between different computer-smartphone or the like combinations.

All of the techniques taught or described herein preferably utilize afour factio test when enabling access to secured data. Such a test isdefined by the presence of the following elements:

1. Something one has—a device;2. Something one recognizes—a self formatted and colored spheres or aself modified image or cartoon;3. Something one knows—a selected sequence of entry locations; and4. Something one can do or perform—the rhythm and consistent timing of acomplete data entry sequence.

The above also requires simplicity and memory prompts achieved by theindividual's own modification of a presented image and the ability toselect it from other similar images

Further, each specific application embodying this feature will beenabled in such a way as to facilitate its remote decommissioning shouldit be lost or stolen. Additionally under such circumstances, thespecific application that has been decommissioned may be capable ofoperation in a “stolen” mode to self report its location via inbuilt GPSfunctionality as well as gathering biometric data from any attempteduses for evidentiary use in any subsequent legal action.

Yet another disclosure is an ATM machine that does not need a cardtransport and security reading mechanism or a keyboard despite itsillustrated presence in FIGS. 13 and 14. Such an ATM can operate inconjunction with a touch screen or the like in conjunction with virtualcard transactions being instigated or completed via mobile smart phonein all aspects except the confirmed cash dispensing function which canbe enabled by an appropriate image on a handheld device. This will savesubstantial time in front of an ATM, freeing it up for other users inhigh volume areas. All of the foregoing ATM features and the physicalmachine as well as users being under direct integrated countersurveillance cameras can proactively detect unlawful acts and recordencrypted evidence of the same under any lighting condition.

Other embodiments and techniques within the scope of the invention willmanifest themselves to those skilled in the art. Therefore, the scope ofthe invention should only be limited by the claims appended hereto.

1. Means for confirming identity to gain access comprising: a. a firstcard including data storage means and having an obverse face and areverse face; b. a second card including data storage means and havingan obverse face and a reverse face; c. fastening means for securing saidfirst and second cards together with reverse faces adjacent each otherand with obverse faces being external, said fastening means permittingaccess to said reverse faces; and d. said external obverse faces datastorage means being reserved for data not deemed sensitive if viewed bythird parties and said internal reverse faces data storage means beingreserved for data deemed sensitive and private; whereby data is easilyrecovered from said external faces and a user would have to expose saidinternal faces in order to recover data could from said internal facesand access is only obtained utilizing data from said internal faces. 2.The means for confirming identity of claim 1 above wherein said firstand second cards are multilayered.
 3. The means for confirming identityof claim 1 above wherein at least one of said faces has a magnetic stripfor storing data.
 4. The means for confirming identity of claim 1 abovewherein at least one of said faces has a matrix code in whichinformation is embedded.
 5. The means for confirming identity of claim 1above wherein at least one of said cards contains an RFID capable datastorage element.
 6. The means for confirming identity of claim 1 abovewherein at least one of said cards includes a transparent area.
 7. Themeans for confirming identity of claim 5 wherein said transparent areais not apparent when the first and second cards are in adjacentalignment.
 8. The means of claim 5 wherein said transparent area issubdivided into a plurality of transparent areas arranged in apredetermined array to form a mask.
 9. The means of claim 1 furtherincluding an RFID chip on at least one of said inner layers and faradayscreens laminated in the interior of said cards between said inner andouter faces whereby said RFID chip cannot be accessed when said cardsare in adjacent alignment.
 10. A machine-implemented method forauthenticating a user session, comprising: displaying a personalizeddigital image on a display screen; receiving a user drawing set executedby a user over the personalized digital image; associating a userdrawing set member with a user position set; and determining the userdrawing set member and the digital image match in part if a userposition selection corresponds to said user position set andauthenticating access to the user session if the user position selectionduplicates said user position set.
 11. The method of claim 10, furthercomprising: tracing the user position set over the drawing set andpersonalized digital image.
 12. The method of claim 10, wherein the userdrawing set includes at least one of a user touch point, a user curvegesture, a user line gesture, and a user freestyle form gesture.
 13. Themethod of claim 10, further comprising: associating a drawing set memberwith a set of timing data indicating at least one of duration of entryand speed of entry.